Skip to content

Commit

Permalink
Merge pull request #29362 from nextcloud/fix/groupfolder-copy-acl
Browse files Browse the repository at this point in the history 
Fix security issues when copying groupfolder with advanced ACL
  • Loading branch information
@CarlSchwan
CarlSchwan authored Oct 21, 2021
2 parents 9a8bb5e + 9408f8a commit 5d9474d
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion lib/private/Files/Storage/Local.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -525,7 +525,10 @@ private function calculateEtag(string $path, array $stat): string {
* @return bool
*/
public function copyFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) {
if ($sourceStorage->instanceOfStorage(Local::class)) {
// Don't treat ACLStorageWrapper like local storage where copy can be done directly.
// Instead use the slower recursive copying in php from Common::copyFromStorage with
// more permissions checks.
if ($sourceStorage->instanceOfStorage(Local::class) && !$sourceStorage->instanceOfStorage('OCA\GroupFolders\ACL\ACLStorageWrapper')) {
if ($sourceStorage->instanceOfStorage(Jail::class)) {
/**
* @var \OC\Files\Storage\Wrapper\Jail $sourceStorage
Expand Down

0 comments on commit 5d9474d

Please sign in to comment.